Sorry, I forgot to say that I have put in place the the rotation below:
root@mymaster:/# cat /etc/logrotate.d/krb5kdc
/var/log/krb5kdc/krb5kdc.log {
rotate 120
monthly
compress
missingok
notifempty
}
Incidentally the reason why I want to do that is that the log file
/var/log/krb5kdc.log
gets too big.
My setup is as follows: users are created in the College Windows AD and
there is an inter-realm trust between the Windows DCs and our
departmental Linux kerberos servers.
So I get a lot of entries such as
===
Feb 26 14:06:00 mymaster.doc.ic.ac.uk krb5kdc[43052](info): AS_REQ (9
etypes {18 17 16 23 25 26 1 3 2}) __an_ip_address__: CLIENT_NOT_FOUND:
a_u...@doc.ic.ac.uk for <unknown server>, Client not found in Kerberos
database
===
Regards,
Giuseppe
On 26/02/16 11:22, Giuseppe Mazza wrote:
> Hi there,
>
> I have got the following problem. If I change the location of the
> log file in /etc/krb5.conf
> from /var/log/krb5kdc.log
> to /var/log/krb5kdc/krb5kdc.log
> i.e.
> root@mymaster:/var/log# grep krb5kdc /etc/krb5.conf
> kdc = FILE:/var/log/krb5kdc/krb5kdc.log
>
> then the new log file /var/log/krb5kdc/krb5kdc.log is empty.
>
> root@mymaster:/var/log# ls -ld /var/log/krb5kdc
> drwxr-xr-x 2 root root 24 Feb 26 09:45 /var/log/krb5kdc
> root@mymaster:/var/log# ls -lh /var/log/krb5kdc/krb5kdc.log
> -rw-r--r-- 1 root root 0 Feb 25 14:30 /var/log/krb5kdc/krb5kdc.log
>
> In other words I make the change, restart the service krb5-kdc,
> I can see entries in "tail -f /var/log/krb5kdc/krb5kdc.log"
> coming in, but when I Ctrl-c "tail -f /var/log/krb5kdc/krb5kdc.log"
> the file /var/log/krb5kdc/krb5kdc.log is empty.
>
>
> root@mymaster:/# aptitude show krb5-kdc | grep Version
> Version: 1.12+dfsg-2ubuntu5.2
>
> Any idea?
>
> Kind regards,
> Giuseppe
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
